[Cryptography] Apple and OpenSSL

Theodore Ts'o tytso at mit.edu
Mon Apr 21 09:27:19 EDT 2014


On Sun, Apr 20, 2014 at 10:39:13PM -0400, Jerry Leichter wrote:
> On Apr 20, 2014, at 8:01 PM, Theodore Ts'o <tytso at mit.edu> wrote:
> > If you design your interfaces to maximize ABI stability (and you don't
> > use C++, because every single time you add even a private variable to
> > the base class, it breaks ABI compatibility for all of the
> > subclasses), it is possible to make this kind of ABI stability for far
> > longer than "we'll break the world every year or two".
> Of course, the same thing happens in C if you duplicate the underlying cause:
> 
> struct A {
> ...
> };
> 
> struct B {
>    struct A a;
>    ...
> };
> 
> If you do anything that changes struct A's length, everything referring to B is likely to break.

You can solve this problem two different ways.  You can either put
type and length values at the beginning of each object, so you can
always dynamically find the end of the structure (this is what
Microsoft COM did decades ago), or you can use pointers everywhere, so
struct B doesn't contain struct A, but contains a pointer to struct A.

The latter is how most systems that use "object orientated principles"
in C do things.

So this is of course not a fundamental fault in the language.  It
would be possible to create a C++ calling convention/runtime
architecture where you could change the base class without breaking
ABI compatibility of its subclasses.  But this would require breaking
the existing ABI, and it would also require that C++ classes not use
inline functions for any of their method functions, and do a number of
other things to provide a stable ABI --- and most of the C++ code out
there doesn't bother to do any of these things, because culturally, C++
and "stable ABI" have been incompatible for a long, long time.

It's not impossible; the Qt and KDE folks have figured out ways of
making this happen.  But you have to do a lot of unnatural things to
hack around deficiencies in C++ and its runtime bindings:

	http://www.elpauer.org/2007/05/abi-compatibility-in-c/

							- Ted
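
The two approaches described in the message above, sketched in C as an added example that is not part of the original post. The struct names, fields and `a_get_flags` are hypothetical, and the header is simplified to a length field only: `a_v1`/`a_v2` stand for two releases of the same library struct, with the newer one appending a field.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical struct A in two library releases; v2 appends 'flags'. */
struct a_v1 { uint32_t size; int key_bits; };
struct a_v2 { uint32_t size; int key_bits; int flags; };

/* Embedding A: B's layout depends on sizeof(A) at the caller's compile time. */
struct b_embed_v1 { struct a_v1 a; int refcount; };
struct b_embed_v2 { struct a_v2 a; int refcount; };

/* Pointing to A: B's layout is the same whichever release of A is in use. */
struct b_ptr_v1 { struct a_v1 *a; int refcount; };
struct b_ptr_v2 { struct a_v2 *a; int refcount; };

int embed_offset_moved(void) {
    return offsetof(struct b_embed_v1, refcount) !=
           offsetof(struct b_embed_v2, refcount);
}

int ptr_offset_moved(void) {
    return offsetof(struct b_ptr_v1, refcount) !=
           offsetof(struct b_ptr_v2, refcount);
}

/* Library built against v2, reading an object from a caller of any release.
 * The leading size field says how many bytes the caller really allocated,
 * so the library never reads past an old caller's smaller struct. */
int a_get_flags(const void *obj, int *flags_out) {
    struct a_v2 tmp = {0};                      /* absent fields default to 0 */
    uint32_t size;
    memcpy(&size, obj, sizeof size);
    if (size < sizeof(struct a_v1)) return -1;  /* smaller than any release */
    if (size > sizeof tmp) size = sizeof tmp;   /* newer caller: ignore tail */
    memcpy(&tmp, obj, size);
    *flags_out = tmp.flags;
    return 0;
}

int main(void) {
    struct a_v1 old_obj = { (uint32_t)sizeof old_obj, 2048 };
    int flags = -1;
    int rc = a_get_flags(&old_obj, &flags);
    printf("embedded B moved: %d, pointer B moved: %d\n",
           embed_offset_moved(), ptr_offset_moved());
    printf("old caller: rc=%d flags=%d\n", rc, flags);
    return 0;
}
```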

